---
title: Environment Variables
sidebar_position: 7
---

# Customization through environment variables

The following environment variables can be used to customize the behavior.

- VDB_HOME - Directory to use for caching database. For docker-based execution, this directory should get mounted as a volume from the host
- VDB_DATABASE_URL - Vulnerability DB URL. Defaults to: ghcr.io/appthreat/vdbxz:v6.4.x, which includes both app and OS vulnerabilities. For a smaller app-only database, use `ghcr.io/appthreat/vdbxz-app:v6.4.x`
- USE_VDB_10Y - Set to true to use the larger 10-year vulnerability database with both app and OS vulnerabilities. Default download url: ghcr.io/appthreat/vdbxz-10y:v6.4.x. For an app-only 10 year database use `ghcr.io/appthreat/vdbxz-app-10y:v6.4.x`
- VDB_AGE_HOURS - Set the age threshold for the vulnerability database before it is re-downloaded. The default is 24 hours.
- DEPSCAN_TEMP_DIR - Temporary directory to use.
- DEPSCAN_SOURCE_DIR_IMAGE - Alternative to `--src` argument to pass the source directory or image name.
- DEPSCAN_REPORTS_DIR - Alternative to `--reports-dir` to pass the output reports directory.
- DEPSCAN_SOURCE_IMAGE - Source image name to use for lifecycle analysis. Same as the key `source_image` in the configuration file.
- DEPSCAN_BUILD_DIR - Build directory to use for lifecycle analysis. Blint sbom command will be executed with this directory. Defaults to the source directory (`--src`). Same as the key `build_dir` in the configuration file.
